1. Field of the Invention
The present invention relates generally to computer security, and more particularly but not exclusively to methods and apparatus for detecting phishing.
2. Description of the Background Art
Phishing involves stealing information, such as usernames, passwords, and credit card information, by mimicking a legitimate organization in Internet communications. Phishing is typically perpetrated by sending emails that include a link to a webpage of a malicious website or other harmful content. Victims are fooled into clicking the link because the emails are designed to look like they are from a legitimate organization trusted by the victim.
Detecting phishing emails by analyzing the email content is difficult because a phishing email is designed to look like a legitimate email. Patterns or signatures for detecting phishing emails by pattern matching will also match legitimate emails, raising the number of false positives to unacceptable levels. Detecting phishing emails by uniform resource locator (URL) analysis is also problematic because phishing sites are constantly being relocated and their numbers are increasing.